Rocksolid Light

News from da outaworlds

mail  files  register  groups  login

Message-ID:  

Don't kiss an elephant on the lips today.

comp / comp.os.linux.advocacy / Fuck Security. Check this Program.

SubjectAuthor
* Fuck Security. Check this Program.Lester Thorpe
+* Re: Fuck Security. Check this Program.Borax Man
|+* Re: Fuck Security. Check this Program.Lester Thorpe
||`- Re: Fuck Security. Check this Program.DFS
|`- Re: Fuck Security. Check this Program.Stéphane CARPENTIER
`* Re: Fuck Security. Check this Program.186282@ud0s4.net
 `- Re: Fuck Security. Check this Program.Lester Thorpe

1
Subject: Fuck Security. Check this Program.
From: Lester Thorpe
Newsgroups: comp.os.linux.advocacy, comp.os.linux.misc, alt.os.linux
Followup: comp.os.linux.advocacy
Organization: UsenetExpress - www.usenetexpress.com
Date: Mon, 16 Sep 2024 20:05 UTC
From: lt@gnu.rocks (Lester Thorpe)
Subject: Fuck Security. Check this Program.
Newsgroups: comp.os.linux.advocacy,comp.os.linux.misc,alt.os.linux
Followup-To: comp.os.linux.advocacy
Mime-Version: 1.0
User-Agent: Up Your Asshole News
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Lines: 40
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!feeder.usenetexpress.com!tr2.iad1.usenetexpress.com!news.usenetexpress.com!not-for-mail
Date: Mon, 16 Sep 2024 20:05:39 +0000
Nntp-Posting-Date: Mon, 16 Sep 2024 20:05:39 +0000
X-Received-Bytes: 1857
X-Complaints-To: abuse@usenetexpress.com
Organization: UsenetExpress - www.usenetexpress.com
Message-Id: <17f5d230c6acb35e$9725$2663915$802601b3@news.usenetexpress.com>
View all headers

The Linux distros have gone bat-shit crazy with their security garbage.
For example, all distros now are built with PIE, or Position Independent
Executables, and RELRO (Relocation Read-Only).

This cuts performance considerably especially when heaped upon all the
security junk.

The distros have the chicken-little "the sky is falling" philosophy.

What insane idiocy.

To check what kind of security is crippling your software one can use
the "checksec" utility:

https://github.com/slimm609/checksec.sh

Here are the results from a check of MY pan executable:

checksec --file=/usr/local/bin/pan

RELRO STACK CANARY NX PIE RPATH RUNPATH Symbols FORTIFY Fortified Fortifiable FILE
No RELRO No canary found NX enabled No PIE No RPATH No RUNPATH No Symbols No 0 12 /usr/local/bin/pan

Now that's how it's supposed to be! I say "Fuck You!" to that
security nonsense.

There is no RELRO, no canary (i.e. stack protection), no PIE, and no for
every-fucking-thing else.

The exception is "NX," but this is purely a hardware feature in the
BIOS.

Compare this your distro "hardened" junk.

The distros have gone insane with their "the sky is falling"
philosophy.

--
Systemd: solving all the problems that you never knew you had.

Subject: Re: Fuck Security. Check this Program.
From: Borax Man
Newsgroups: comp.os.linux.advocacy
Organization: A noiseless patient Spider
Date: Tue, 17 Sep 2024 13:19 UTC
References: 1
Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: rotflol2@hotmail.com (Borax Man)
Newsgroups: comp.os.linux.advocacy
Subject: Re: Fuck Security. Check this Program.
Date: Tue, 17 Sep 2024 13:19:41 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 45
Message-ID: <slrnvej0fc.koq.rotflol2@geidiprime.bvh>
References: <17f5d230c6acb35e$9725$2663915$802601b3@news.usenetexpress.com>
Injection-Date: Tue, 17 Sep 2024 15:19:42 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="cda75e42dfa548cca3ec730b13554bcf";
logging-data="3714258"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX186NJrvZzTaNPt/NJLDFgSrcQfjDdSAaFk="
User-Agent: slrn/1.0.3 (Linux)
Cancel-Lock: sha1:bHcBxefLoafkDec5TyAras3ShZY=
View all headers

On 2024-09-16, Lester Thorpe <lt@gnu.rocks> wrote:
> The Linux distros have gone bat-shit crazy with their security garbage.
> For example, all distros now are built with PIE, or Position Independent
> Executables, and RELRO (Relocation Read-Only).
>
> This cuts performance considerably especially when heaped upon all the
> security junk.
>
> The distros have the chicken-little "the sky is falling" philosophy.
>
> What insane idiocy.
>
> To check what kind of security is crippling your software one can use
> the "checksec" utility:
>
> https://github.com/slimm609/checksec.sh
>
> Here are the results from a check of MY pan executable:
>
> checksec --file=/usr/local/bin/pan
>
> RELRO STACK CANARY NX PIE RPATH RUNPATH Symbols FORTIFY Fortified Fortifiable FILE
> No RELRO No canary found NX enabled No PIE No RPATH No RUNPATH No Symbols No 0 12 /usr/local/bin/pan
>
> Now that's how it's supposed to be! I say "Fuck You!" to that
> security nonsense.
>
> There is no RELRO, no canary (i.e. stack protection), no PIE, and no for
> every-fucking-thing else.
>
> The exception is "NX," but this is purely a hardware feature in the
> BIOS.
>
> Compare this your distro "hardened" junk.
>
> The distros have gone insane with their "the sky is falling"
> philosophy.
>
>

What sort of performance penalty do these security measures inflict?

I have noticed a change in my Debian 12 installation, where some
assembly programs I wrote require PIE disabled before they will link
using gcc. Is that related?

Subject: Re: Fuck Security. Check this Program.
From: Lester Thorpe
Newsgroups: comp.os.linux.advocacy
Organization: UsenetExpress - www.usenetexpress.com
Date: Tue, 17 Sep 2024 20:02 UTC
References: 1 2
From: lt@gnu.rocks (Lester Thorpe)
Subject: Re: Fuck Security. Check this Program.
Newsgroups: comp.os.linux.advocacy
References: <17f5d230c6acb35e$9725$2663915$802601b3@news.usenetexpress.com> <slrnvej0fc.koq.rotflol2@geidiprime.bvh>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Lines: 44
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!news.gegeweb.eu!gegeweb.org!nntp.terraraq.uk!paurom.no!npeer.as286.net!npeer-ng0.as286.net!peer02.ams1!peer.ams1.xlned.com!news.xlned.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!feeder.usenetexpress.com!tr2.iad1.usenetexpress.com!news.usenetexpress.com!not-for-mail
Date: Tue, 17 Sep 2024 20:02:04 +0000
Nntp-Posting-Date: Tue, 17 Sep 2024 20:02:04 +0000
Organization: UsenetExpress - www.usenetexpress.com
X-Complaints-To: abuse@usenetexpress.com
Message-Id: <17f620935c89dcbe$9729$2663915$802601b3@news.usenetexpress.com>
X-Received-Bytes: 2256
View all headers

On Tue, 17 Sep 2024 13:19:41 -0000 (UTC), Borax Man wrote:

>
> What sort of performance penalty do these security measures inflict?
>

It depends. But for any particular security feature the degradation is
measurable and is usually about 1%-5% and maybe more.

The problem is that there are hundreds of these security features and
when added together the performance impact may be quite significant.

Note that the kernel source file "kernel-parameters.txt" explicitly states
this:

mitigations = off
Disable all optional CPU mitigations. This
improves system performance...

There are no measures but it is a good indication of how various security
features can add up to significantly degrade performance.

IMO, a desktop workstation requires no security whatsoever but the distros
seem to assume that every GNU/Linux installation is a public-facing server.

I have created my own benchmarks that show performance increase with single
threaded math application of 37% with optimized programs versus distro programs.

>
> I have noticed a change in my Debian 12 installation, where some
> assembly programs I wrote require PIE disabled before they will link
> using gcc. Is that related?
>

Most likely it is. A PIE executable has no absolute addresses but only
relative addresses and these need to be handled differently by the loader.

--
Systemd: solving all the problems that you never knew you had.

Subject: Re: Fuck Security. Check this Program.
From: 186282@ud0s4.net
Newsgroups: comp.os.linux.advocacy
Organization: wokiesux
Date: Wed, 18 Sep 2024 06:43 UTC
References: 1
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!border-4.nntp.ord.giganews.com!nntp.giganews.com!Xl.tags.giganews.com!local-1.nntp.ord.giganews.com!nntp.earthlink.com!news.earthlink.com.POSTED!not-for-mail
NNTP-Posting-Date: Wed, 18 Sep 2024 06:43:59 +0000
Subject: Re: Fuck Security. Check this Program.
Newsgroups: comp.os.linux.advocacy
References: <17f5d230c6acb35e$9725$2663915$802601b3@news.usenetexpress.com>
From: 186283@ud0s4.net (186282@ud0s4.net)
Organization: wokiesux
Date: Wed, 18 Sep 2024 02:43:59 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
Thunderbird/78.13.0
MIME-Version: 1.0
In-Reply-To: <17f5d230c6acb35e$9725$2663915$802601b3@news.usenetexpress.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Message-ID: <zJqdnYZBo-0y63f7nZ2dnZfqn_idnZ2d@earthlink.com>
Lines: 46
X-Usenet-Provider: http://www.giganews.com
NNTP-Posting-Host: 99.101.150.97
X-Trace: sv3-FqwWy0wvRYvxFrLxy4q/eS+RtL5NZxJoFsAemHVg+wsJtmDBsnBL92DgQz4ndwh4Ss0ccQtQCwu76I+!WEB8JRz2Z6L+rznyUBbDoMHJeUefYw31HoVcMhglVHnTRzY4izVTlmXQAafPSIARTdsUigiLr9sz!fwW6ZOxHs5HWiHGt0vfY
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly
X-Postfilter: 1.3.40
View all headers

On 9/16/24 4:05 PM, Lester Thorpe wrote:
> The Linux distros have gone bat-shit crazy with their security garbage.
> For example, all distros now are built with PIE, or Position Independent
> Executables, and RELRO (Relocation Read-Only).
>
> This cuts performance considerably especially when heaped upon all the
> security junk.
>
> The distros have the chicken-little "the sky is falling" philosophy.
>
> What insane idiocy.
>
> To check what kind of security is crippling your software one can use
> the "checksec" utility:
>
> https://github.com/slimm609/checksec.sh
>
> Here are the results from a check of MY pan executable:
>
> checksec --file=/usr/local/bin/pan
>
> RELRO STACK CANARY NX PIE RPATH RUNPATH Symbols FORTIFY Fortified Fortifiable FILE
> No RELRO No canary found NX enabled No PIE No RPATH No RUNPATH No Symbols No 0 12 /usr/local/bin/pan
>
> Now that's how it's supposed to be! I say "Fuck You!" to that
> security nonsense.
>
> There is no RELRO, no canary (i.e. stack protection), no PIE, and no for
> every-fucking-thing else.
>
> The exception is "NX," but this is purely a hardware feature in the
> BIOS.
>
> Compare this your distro "hardened" junk.
>
> The distros have gone insane with their "the sky is falling"
> philosophy.

Well, THESE days, IS it all "insane" ???

Sorry, but State-funded evil people are
plentiful. MAY have to sacrifice some
performance for security.

Just sayin'

Subject: Re: Fuck Security. Check this Program.
From: Lester Thorpe
Newsgroups: comp.os.linux.advocacy
Organization: UsenetExpress - www.usenetexpress.com
Date: Wed, 18 Sep 2024 09:51 UTC
References: 1 2
From: lt@gnu.rocks (Lester Thorpe)
Subject: Re: Fuck Security. Check this Program.
Newsgroups: comp.os.linux.advocacy
References: <17f5d230c6acb35e$9725$2663915$802601b3@news.usenetexpress.com> <zJqdnYZBo-0y63f7nZ2dnZfqn_idnZ2d@earthlink.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Lines: 31
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!panix!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!feeder.usenetexpress.com!tr2.iad1.usenetexpress.com!news.usenetexpress.com!not-for-mail
Date: Wed, 18 Sep 2024 09:51:06 +0000
Nntp-Posting-Date: Wed, 18 Sep 2024 09:51:06 +0000
X-Received-Bytes: 1438
Organization: UsenetExpress - www.usenetexpress.com
X-Complaints-To: abuse@usenetexpress.com
Message-Id: <17f64dd0ec9917fa$56532$523959$802601b3@news.usenetexpress.com>
View all headers

On Wed, 18 Sep 2024 02:43:59 -0400, 186282@ud0s4.net wrote:

>
> Well, THESE days, IS it all "insane" ???
>
> Sorry, but State-funded evil people are
> plentiful. MAY have to sacrifice some
> performance for security.
>

GNU/Linux is most popular for public-facing servers with
lots of virtual machines. In this case, security is essential.

However, on a personal desktop workstation, with no open
network ports (save the occasional HTTP/HTTPS), then security
is quite unnecessary and should be eliminated.

I can guarantee that no state actor, or any other entity,
is interested in cracking my machine.

Most distros are built for the server role and they will
include tons of security features. Check out Ubuntu which
is the state of the art:

https://wiki.ubuntu.com/Security/Features

This list will only keep growing over time.

--
Systemd: solving all the problems that you never knew you had.

Subject: Re: Fuck Security. Check this Program.
From: DFS
Newsgroups: comp.os.linux.advocacy
Organization: A noiseless patient Spider
Date: Wed, 18 Sep 2024 12:26 UTC
References: 1 2 3
Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: nospam@dfs.com (DFS)
Newsgroups: comp.os.linux.advocacy
Subject: Re: Fuck Security. Check this Program.
Date: Wed, 18 Sep 2024 08:26:54 -0400
Organization: A noiseless patient Spider
Lines: 10
Message-ID: <vcegub$20oe$3@dont-email.me>
References: <17f5d230c6acb35e$9725$2663915$802601b3@news.usenetexpress.com>
<slrnvej0fc.koq.rotflol2@geidiprime.bvh>
<17f620935c89dcbe$9729$2663915$802601b3@news.usenetexpress.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Wed, 18 Sep 2024 14:26:51 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="b72e3a0a0cad82b18bad070d65ef7573";
logging-data="66318"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18QPqF3NEu0zdTc2VghmifT"
User-Agent: Betterbird (Windows)
Cancel-Lock: sha1:+qkJsm9qXp5VcXYI6KdTuRYSpHU=
In-Reply-To: <17f620935c89dcbe$9729$2663915$802601b3@news.usenetexpress.com>
Content-Language: en-US
View all headers

On 9/17/2024 4:02 PM, Lying Larry Pietraskiewicz wrote:

> I have created my own benchmarks

You plagiarized from SciMark. You're a fraud.

Subject: Re: Fuck Security. Check this Program.
From: Stéphane CARPENTIER
Newsgroups: comp.os.linux.advocacy
Organization: Mulots' Killer
Date: Fri, 20 Sep 2024 19:57 UTC
References: 1 2
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!news.gegeweb.eu!gegeweb.org!usenet-fr.net!proxad.net!feeder1-2.proxad.net!cleanfeed3-a.proxad.net!nnrp1-2.free.fr!not-for-mail
Newsgroups: comp.os.linux.advocacy
From: sc@fiat-linux.fr (Stéphane CARPENTIER)
Subject: Re: Fuck Security. Check this Program.
References: <17f5d230c6acb35e$9725$2663915$802601b3@news.usenetexpress.com>
<slrnvej0fc.koq.rotflol2@geidiprime.bvh>
Organization: Mulots' Killer
User-Agent: slrn/pre1.0.4-9 (Linux)
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Date: 20 Sep 2024 19:57:34 GMT
Lines: 19
Message-ID: <66edd3ae$0$1792$426a74cc@news.free.fr>
NNTP-Posting-Date: 20 Sep 2024 21:57:34 CEST
NNTP-Posting-Host: 78.201.248.7
X-Trace: 1726862254 news-3.free.fr 1792 78.201.248.7:36232
X-Complaints-To: abuse@proxad.net
View all headers

Le 17-09-2024, Borax Man <rotflol2@hotmail.com> a écrit :
> On 2024-09-16, Lester Thorpe <lt@gnu.rocks> wrote:
>>
>> This cuts performance considerably especially when heaped upon all the
>> security junk.
>
> What sort of performance penalty do these security measures inflict?

When someone will use his computer to mine bitcoins, the performance
penalties will be far higher than the security on his system. But he
wouldn't be able to spot the difference.

And when someone will use his computer to attack banks/companies
computers at least, the police will know easily that his computer has
been hacked because he can't be the brain of an attack.

--
Si vous avez du temps à perdre :
https://scarpet42.gitlab.io

1

rocksolid light 0.9.8
clearnet tor